Data Protection Do’s and Don’ts

A business continuity and disaster recovery (BCDR) solution plays a critical role in protecting your customers from a wide range of threats and disasters if you follow a few basic best practices.

Most MSPs would agree that BCDR is a core technology that every customer needs. But, too many IT solution providers think of BCDR as little more than a checklist item, which once installed is all but forgotten. For the most part, backed up files and systems are the last thing on anyone’s mind. At some point, however, someone will delete an important file, a system will get infected with ransomware, or a hard drive will fail and that forgotten backup will become all-important. By following a couple of best practices (the “do’s”) and avoiding a couple of common pitfalls (the “don’ts”), you can use these opportunities to affirm your customer’s decision to choose your company as its trusted business advisor.

#1: Do Avoid Cost-Per-Gigabyte Backup Plans

In the past, backing up data to the cloud was often sold by the gigabyte with price reductions given once specific thresholds were met (e.g. a 10 percent cost-per-gigabyte [CPG] reduction after reaching 100 GB level). These data plans were often cost-prohibitive for many SMBs, resulting in a difficult sell for MSPs — especially if they wanted to offer fixed-fee plans.

Another downside with CPG plans is that they lead to tedious discussions between MSPs and their customers about prioritizing which data is important enough to be backed up to the cloud and which data is backed up locally only. Not only do these conversations waste time, they add unnecessary complexity to the BCDR process. Plus, customers may regret their decisions about what’s critical and what’s not after something goes wrong.

Within the past few years, cloud backup costs have come down significantly, and some cloud providers have done away with their former CPG pricing models, using block pricing and other innovative approaches to allow MSPs to back up all of their customers’ data without all the fuss and provides projectable costs that make it easier to run their business. If your BCDR vendor hasn’t evolved with the times, it may be time to find a new provider.

#2: Don’t Let Customers Manage Backups Themselves

Let the experts help!There are lots of choices when it comes to backup software, and there is no doubt your customers can find cheaper alternatives to your BCDR offering, including solutions from Microsoft and Apple that come with their operating systems at no extra cost. While it may be tempting to allow customers to use these or other consumer-grade backups as “good enough” data protection, you can be sure this decision will come back to haunt you when the customer needs to recover a lost file or roll back its system to a pre-infected state.

Consumer backup apps offer limited features and functionality. For example, if a customer accidentally deletes a file, you don’t want to perform a two-hour system image restore to retrieve it. Plus, consumer backup applications are not managed, so even if the backups work properly early on, events such as software updates and system patches can cause backups to stop working without warning.

With a managed BCDR solution, on the other hand, each customer’s computers and servers can be viewed from a web-based portal. If a backup fails, an automated alert lets you know right away, and in many cases the problem can be fixed remotely.

#3: Do Include Data Recovery Parameters in Your SLA

Some SMBs (and MSPs) put so much emphasis on backing up data, including creating backups in multiple locations and ensuring the health of their backups, that they neglect the other part of the equation, which is recovery. For instance, if a customer’s server crashes, and it takes three days to procure and build a new server and restore the data, your customer may lose a dozen clients and be on the brink of going out of business by the time everything is back up and running. Although the data was “protected,” an unacceptable recovery time devalues the solution.

To avoid this scenario, it’s important to address your customers’ RTO (recovery time objective) and RPO (recovery point objective) needs ahead of time. If, for example, your customer has a two-hour RTO and it can’t lose more than four hours’ worth of data (i.e. a four-hour RPO), then you need to ensure your BCDR solution can meet those objectives. And the details of your RTO and RPO commitment must be spelled out in your SLA (service level agreement).

#4: Don’t Wait For Disasters to Validate Your Data Recovery Strategy

While managed BCDR solutions offer some peace of mind that backups are working as planned (e.g. successful backups show up in green, failed backups show up in red), there is one further step you should take to avoid the small chance of getting burned by a “false positive.” The extra step entails periodically validating your recovery plan. With traditional backup and recovery apps, performing recovery tests is highly impractical, especially if you are attempting to recover a 1 TB (or greater) physical image.  

If, however, your BCDR solution supports virtualization, you can perform a virtual machine (VM) restore in a fraction of the time it takes to do a physical image recovery. Additionally, you can perform the recovery in an environment that’s dissimilar to the production environment, which eliminates the necessity of building duplicate servers and drivers before beginning the restore process. What’s also attractive about performing a VM restore is that it can be performed without disrupting the customer’s production environment and with minimal effort on your part.

Eventually your customer is going to face a situation that requires data to be restored from a backup, whether it’s a single file that was deleted or an entire network of files encrypted by a ransomware infection. Whether the recovery is a success or a flop, you can be sure of one thing – your company’s reputation will be tied to this experience no matter what. Be sure to accept this fact ahead of time, and follow the safeguards mentioned earlier to ensure their experience is so positive that you can use that customer for a testimonial afterward.

By Chris Crellin, Senior Director of Product Management for Intronis

Senior Director of Product Management Chris Crellin leads product strategy and management for Intronis. Over the past 15 years, Chris has developed a strong record of successfully developing product strategy and driving execution from concept to delivery. Chris joined Intronis from Backupify/Datto, Inc., where he was responsible for product strategy and execution of their cloud backup SaaS portfolio. Prior to Datto, he spent 14 years with RSA, the Security Division of EMC. He was the lead product manager for the RSA SecurID portfolio after having started his career as a software engineer.

« Previous Post Back to Blog Next Post »